Related
Disclaimer: None of this is my work! I only used guides from other people and decided to create single a step-by-step guide for the LG Velvet (4G version). I tried crediting all people at the end of the post.
I am not responsible if you brick your device - use this guide at your own risk and know what you are doing.
After unlocking, your fingerprint reader will no longer work, this can be fixed and the instructions can be found below.
All these tools are commandline tools (cmd) - you should know how to use them.
You should also be familiar with "adb" and "fastboot".
This is not a guide for noobs, only a guide made by a noob.
Unless mentioned otherwise, all these steps are to be done on your computer.
I used Windows 10, it should work on other platforms just fine with a few modifications.
Bootloader Unlock
(European Version - I have no idea about the possibilities of unlocking provider-locked phones or other regions!!!)
Create an account and follow the instructions here:
https://developer.lge.com/resource/mobile/RetrieveBootloader.dev
The steps are explained quite well, therefore I will not write them down here unless people actually have problems with the steps.
(Preparation on the phone: Enable developer options, allow USB debugging and allow OEM Unlock.)
As always, unlocking the bootloader will WIPE your phone.
Installing Magisk / Systemless root
(After you successfully unlocked the bootloader, remember to re-enable developer options on the phone and allow USB Debugging)
Download the latest firmware here.
Use the IMEI search if you don't know which one you need!
Using this page, you will eventually receive a link ending in .kdz.
I don't recommend using the Download tool provided by lg-roms, but instead this script:
https://forum.xda-developers.com/t/...nd-lgup_ui-fixer.3916444/page-2#post-84148225
Paste the .kdz URL in the tool and wait for the Download to complete.
Next, you will need a copy of kdztools. Download a copy of this repository.
Important: Do not download from "Releases" - they are outdated! Instead, download a copy of the current master branch!
To be able to use this tool, you need to have python3 installed.
I will not further describe this step as there are enough tutorials out there and it is usually self explanatory.
You will have to install the module "zstandard" for the script to work:
pip3 install zstandard
Click to expand...
Click to collapse
Use KDZ Tools together with the downloaded firmware.
First, exctrat the KDZ file:
python unkdz.py -f G910EMW10i_00_0520.kdz -x
Click to expand...
Click to collapse
You should now have a large .dz file in the subfolder "kdzextracted". We can use this file to extract the boot image:
python undz.py -f c:G91010i_00_user-signed-ARB0_COM1_EU_OP_0520.dz -s 41
Click to expand...
Click to collapse
After this step, you should have a file "boot_a.image" in the subfolder "dzextracted".
(If you received a different file, use "python undz.py -f c:G91010i_00_user-signed-ARB0_COM1_EU_OP_0520.dz --list" and search for the partition named boot, edit the number "41" in the previous command accordingly)
Rename the boot_a.image to "boot.img" and copy it to your phone.
Download and install the latest Magisk release on your LG device.
In Magisk, select Install and patch the boot.img file.
After patching, copy the patched Magisk image back to your computer, rename it for easier use.
Using adb/fastboot on your pc:
adb reboot bootloader
fastboot flash boot_a magisk.img
fastboot flash boot_b magisk.img
Click to expand...
Click to collapse
Finally
fastboot reboot
Click to expand...
Click to collapse
Wait for the phone to boot and check Magisk installation status.
Congratulations!
Disable automatic firmware updates on your phone if you want to avoid having to re-install a patched Magisk image after every update!
Passing SafetyNet (Google Pay and more)
(You might not need all steps - after every step, you can check SafetyNet status via Magisk and if it is still broken, continue with the next step.)
Reboot after every step!
In the Magisk App, open Settings (top right) and enable the option "MagiskHide"
Download Universal safetynet fix and manually add as a module in the Magisk app
Download Magisk Hide Props Conf (manual DL not needed, can be found as a module directly in the app)
Unless there was an update to SafetyNet, you should now be able to set up and use SafetyNet services like Google Pay
Fixing your fingerprint reader
After the bootloader unlock, you will no longer be able to register fingerprints. This can be fixed using the following steps:
Launch the hidden service menu by dialing #*462633*#910# (might require an inserted SIM card)
SVC Menu -> Handprint -> HandID Logging "ON"
Go to the start of the menu and then navigate to "Device Test" -> SAAT -> Manual Test -> Optical FingerPrint Test
Press SEVERAL times firmly on the green button until it says FAILED, confirm and exit the menu
Go to settings and set up your fingerprints!
AFAIK, you can now disable "HandID Logging" again
Gcam Buffer Fix (Viewfinder Lag)
Using Gcam on the LG Velvet 4G, you will notice that most of the ports will not work properly.
Only a few versions based on Gcam 6.x with the option "buffer fix" will somewhat work, but not very well.
If you have Magisk installed, you can install the Buffer Fix that was originally designed for the LG V40 (Use the one for Android 10). Just flash the ZIP as a Magisk module.
Some Gcams will crash but MGC builds by BSG appear to work well!
(I don't know how this buffer fix works so I don't know if it is healthy to flash a module that was designed for a different phone but I tried several bufferfixes for different phones and this one appears to work flawless.)
Credits:
The very good rooting guide for the LG Velvet 5G by MikGX - THANK YOU
https://forum.xda-developers.com/t/root-lg-velvet-lm-g900em.4171117/
KDZ Download Tool by CXZa
[LG TOOLS] LG-KDZ-dll-Tool/LGUP_UI-fixer/LG-Kdz-downloader
Please, do not share elsewhere as I want to be able to update if necessary ! LG-KDZ-dll-Tool/KDZ dll extractor (=old version) : this message actually, scroll down a bit... LGUP_UI-fixer LG-Kdz-downloader Share this thread or my blog instead...
forum.xda-developers.com
SafetyNet Fix by kdrag0n
MAGISK MODULE ❯ Universal SafetyNet Fix 2.4.0
Universal SafetyNet Fix Magisk module Magisk module to work around Google's SafetyNet attestation. This module works around hardware attestation and recent updates to SafetyNet CTS profile checks. You must already be able to pass basic CTS...
forum.xda-developers.com
MagiskHide Props Conf by Didgeridoohan
[MODULE] [DEPRECATED] MagiskHide Props Config - SafetyNet, prop edits, and more - v6.1.2
MagiskHide Props Config v6.1.2 Note: This project is dead, and has been for some time. I have not been involved in the Android modding scene for some time and I no longer have the energy to take it up again. If anyone feels like taking over...
forum.xda-developers.com
Buffer fix for LG V40 by Wyroczen.
[GCAM] Buffer fix by Wyroczen
[GCAM] Buffer fix by Wyroczen Hey, I've made buffer fix for LG V40 in a form of TWRP flashable zip and second option with file for replacement: It will fix lagging viewfinder in GCAM both nightsight and normal mode. Instructions: Boot into TWRP...
forum.xda-developers.com
Fingerprint fix instructions provided by raj_ch2002 for the LG G8X
Steps to get the Fingerprint working with unlocked bootloader and Root
Make sure you have backed up your 20e stock abl. You will need to download the Android 9 kdz "G850EMW10c_00_1126.kdz" link to Android 9 kdz: https://drive.google.com/drive/folders/1nVbxo_sLKXQ_qN030ZZCThd8peER0pRM?usp=sharing If you are already...
forum.xda-developers.com
(Linked by foggydew88 here) - thanks!
paolotheking for providing the LG Velvet 5g service menu code, which is similar to this model
LG Velvet Hidden Menu code
Enjoy: #*462633*#900# Works with G900EM
forum.xda-developers.com
Finally, thanks to the devs of Magisk, kdztools and lg-roms
Reserved
thx!
can you provide boot img for G910EMW10i?
GerRudi said:
Bootloader Unlock
(European Version - I have no idea about the possibilities of unlocking provider-locked phones or other regions!!!)
Create an account and follow the instructions here:
https://developer.lge.com/resource/mobile/RetrieveBootloader.dev
Click to expand...
Click to collapse
Hi. I wonder how it is possible to unlock the bootloader using this page since the LG Velvet 4G (LM-G910EMW) doesn't seem to be at the supported devices list. How did you got it?
Is there a way someone can help to unlock Korea version of velvet?
Can someone from 20a backup me system and vendor partitions ? Not the ones from kdz, i need as they are in the phone with partition backup app that requires root either with qfil? i can give instructions just dm me on telegram @EmanuelCN0 . I specifically need from EMW model.
Got the German Version of the phone (DEA) ... Everytime i want to use undz.py it says Error: extraneous data found IN version. Also unkdz.py says something but extracts the .dz. Any idea what i could do ?
Hello. I've succesfully rooted my European Velvet LTE/4G variant.
Most of the kdz extractors are a total disaster and won't work with recent KDZs. You have to use this one:
A correct extractor for LG's KDZ Android image files
A correct extractor for LG's KDZ Android image files - kdz.py
gist.github.com
This is the correct, working KDZ extractor. Save this raw Python script for example as a kdz_extractor.py.
Now, assuming you already have performed the previous necessary steps like installing zstandard with pip, all you have to do is:
python3 kdz_extractor.py -e <where to extract> <kdz to extract>
You'll have a file called 4.boot_a.img, around 96 MBs. Now you can keep following the OP guide.
I can provide the patched boot_a.img for LMG910EMW Android 11 20a version if someone needs it.
Pinging @Chick0Nugget and @KRAZZIEBOY because they were interested.
swaguduzo said:
Pinging @Chick0Nugget and @KRAZZIEBOY because they were interested.
Click to expand...
Click to collapse
Yeah i already saw it and it worked.... Just forgot to write you a big : THAAAANNNNK YooooooUUUU!!!!!!!!!
Hi. Thank you very much for the detailed explanations.
Update. Rooting worked for me for LG Velvet LMG910EMW and Android 12 with a minor change:
The extract of boot.img did not work as described. Following tools failed for me
1 kdztools -> "Error: extraneous data found IN version" :-/
2 LG Extractor tool -> ZlibException: Bad state - zero bytes :-/ (also with kdz DZ file)
3 "hovatek" ectractor -> unsupported data file :-/ (tested with both DZ and KDZ files)
4 adb dd command to dump the my-name boot partition -> permission denied :-/
Finally it worked with kdz.py from https://gist.github.com/iscgar/e0da0868df7b2f179b000c61f12d1a8c
So i just put in the 5GB Android 12 KDZ from my previous flash and it extracted all partitions including the boot_a.img/boot_b.img files (each around 93 MB).
A quick test with fastboot boot boot_a.img showed that they are working.
Btw. I unlocked the bootloader already with Android 10 (see other post), before i updated to Android 12 with LGROMUP1.1.
The original LGUP did not work because the roms i found are in region "DEA" and my phone seems to be restricted for EU market.
In LGROMUP1.1, this seems to play no role. There was no partition selection, just "flash" button, but it preserved the unlocked bootloader to my surprise.
A lot of automatic restarts until it reached 100%, but everything went smooth.
Cheers.
I am interested in this Velvet 4G with dual screen. Can you answer me two questions please: 1º Is the battery life good? 2º Does the dual screen of the Velvet 5G snap765 work in this 4G model? Thanks friends.
WARNING: THE FOLLOWING IS FOR INFORMATIONAL PURPOSES ONLY AND MAY FURTHER DAMAGE YOUR DEVICE. EXERCISE EXTREME CAUTION. USE ONLY AS A LAST RESORT.
This was tested with a Global OnePlus 9 LE2115
Overview
So I was encountering an error with MSM Download Tool that would show "Sahara communication failed" after about 18 seconds. This resulted in me being 100% unable to recover my device with MSM as it was continuously rebooting into EDL mode with no possibility of entering fastboot.
After much research, I stumbled upon a solution completely by accident. I was able to fix the issue by utilizing the following tools:
Qualcomm Sahara Tools - https://github.com/bkerler/edl
Oppo/OnePlus Decryption Tools - https://github.com/bkerler/oppo_decrypt
You need:
- Latest version of Python 3
- C/C++ build tools (gcc, Visual Studio, XCode) to build pip dependencies
- Dependencies installed using pip as specified in README.md of each repo
- Linux or macOS (Windows untested)
- *.ops file from your corresponding MSM Download Tool package
Process
Follow the instructions contained within the README of the above repos to download all files and install dependencies before continuing.
Spoiler: Extract ops package
Use opscrypto.py to extract the ops file you obtained earlier.
This results in a directory full of the decrypted contents of the update image (a collection of bin, img, and other files):
Code:
$ ./opscrypto.py decrypt lemonade_xxxx.ops
This creates an extract directory containing the decrypted files
Spoiler: Flash using edl.py
The wl subcommand for edl.py can then be used to write the aforementioned partitions.
The documentation describes the command thusly:
Code:
./edl.py wl dumps --memory=ufs >> to write all files from "dumps" folder to according partitions to flash and try to autodetect lun
I ran the command on the extract directory that was previously decrypted.
Additionally, I had to explicitly specify the OP9 EDL loader as well as specify that the flash memory was UFS and not EMMC:
Code:
$ sudo ./edl.py wl extract --memory=ufs --loader=Loaders/oneplus/0000000000514d67_a26bc25799770106_fhprg_op9.bin
This output was produced:
Code:
main - Using loader Loaders/oneplus/0000000000514d67_a26bc25799770106_fhprg_op9.bin ...
main - Waiting for the device
...............
.main - Device detected :)
main - Mode detected: sahara
Device is in EDL mode .. continuing.
sahara -
------------------------
HWID: <CLIPPED>
CPU detected: "lahaina"
PK_HASH: <CLIPPED>
Serial: <CLIPPED>
sahara - Uploading loader Loaders/oneplus/0000000000514d67_a26bc25799770106_fhprg_op9.bin ...
Successfully uploaded programmer :)
firehose - Chip serial num: <CLIPPED>
firehose - Supported Functions: program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest
firehose -
firehose_client - Target detected: lahaina
firehose - TargetName=
firehose - MemoryName=UFS
firehose - Version=
firehose_client - Supported functions:
-----------------
program,read,nop,patch,configure,setbootablestoragedrive,erase,power,firmwarewrite,getstorageinfo,benchmark,emmc,ufs,fixgpt,getsha256digest
firehose -
Reading from physical partition 0, sector 8, sectors 1
Progress: |██████████████████████████████████████████████████| 100.0% Complete
Progress: |██████████████████████████████████████████████████| 100.0% Complete
oneplus - Oneplus protection with prjid 19825 detected
Writing ./param.bin to partition param.
firehose -
Writing to physical partition 0, sector 8, sectors 256
Writing ./persist.img to partition persist.
firehose -
Writing to physical partition 0, sector 2056, sectors 8192
Writing ./misc.bin to partition misc.
firehose -
Writing to physical partition 0, sector 10248, sectors 256
Writing ./frp.bin to partition frp.
firehose -
Writing to physical partition 0, sector 10632, sectors 128
Writing ./carrier.img to partition carrier.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 18440, sectors 12288
Writing ./opluslog.img to partition opluslog.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 34824, sectors 65536
Writing ./metadata.img to partition metadata.
firehose -
Writing to physical partition 0, sector 108616, sectors 4096
Writing ./super.img to partition super.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 145480, sectors 1
Writing ./userdata.img to partition userdata.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 0, sector 2877512, sectors 2105
Writing ./ocdt.bin to partition ocdt.
firehose -
Writing to physical partition 3, sector 576, sectors 32
Writing ./oplusreserve2.img to partition oplusreserve2.
QCSparse - Sparse Format detected. Using unpacked image.
firehose -
Writing to physical partition 4, sector 6, sectors 32768
Writing ./devinfo.bin to partition devinfo.
firehose -
Writing to physical partition 4, sector 722224, sectors 1
Writing ./apdp.mbn to partition apdp.
firehose -
Writing to physical partition 4, sector 722481, sectors 4
Writing ./storsec.mbn to partition storsec.
firehose -
Writing to physical partition 4, sector 817779, sectors 6
Writing ./mdcompress.mbn to partition mdcompress.
firehose -
Writing to physical partition 4, sector 826302, sectors 12
Writing ./spunvm.bin to partition spunvm.
firehose -
Writing to physical partition 4, sector 831486, sectors 87
Writing ./rtice.mbn to partition rtice.
firehose -
Writing to physical partition 4, sector 839678, sectors 65
Writing ./abl_log.bin to partition abl_log.
firehose -
Writing to physical partition 4, sector 839870, sectors 4048
Writing ./android_log.bin to partition android_log.
firehose -
Writing to physical partition 4, sector 847966, sectors 4048
Writing ./qsee_log.bin to partition qsee_log.
firehose -
Writing to physical partition 4, sector 852014, sectors 4048
Writing ./hyp_log.bin to partition hyp_log.
firehose -
Writing to physical partition 4, sector 856062, sectors 4048
ConclusionAfter performing the above on a macOS device, the device successfully flashed in MSM on Windows 11.
I rebooted the device prior to attempting to flash after performing the above steps.
AddendumThis isn't a foolproof guide and may not even work for your device or may even damage it further.The process described above is somewhat advanced and very much undocumented and unsupported/unofficial/hacky.
I cannot vouch for the quality, security or effectiveness of the tools linked above.
I'm putting this out there in hopes it helps others and to gather more information about how MSM Download Tool and EDL mode actually work.
Please let me know if this solves any issues with MSM and I can potentially produce a guide if this method is proven safe.
Spoiler: Speculation / Thoughts
Firehose appears to be an executable elf file that is ran on the device, which then parses settings.xml and provision_*.xml contained within the ops file.
These files appear to contain the directives that allow MSM to recover bricked devices.
MSM appears to transmit these XML files to the firehose executable after loading it on the device.
These files reference the stock images, partition sizes, names, and extents that firehose then uses to provision the device.
Since firehose is simply an elf file that appears to rely on some preexisting data to be present on the device, some bricks may cause firehose to fail due to corruption of certain partitions.
Producing errors such as:
- Device mismatch
- Param preload error
- Sahara communication failure
- Waiting for device
- Waiting for COM port
The partitions shown in the output log appear to not be touched by MSM prior to sending firehose to the device, suggesting that it assumes they have been untouched.
Therefore, firehose may throw an error or fail to run entirely when attempting to recover some devices, even when using the correct MSM tool and drivers.
Despite being contained in the ops file, MSM doesn't appear to touch these partitions in its default Upgrade Mode.
That functionality may be locked behind more advanced modes such as SMT Download Mode, however, that mode is well known for causing more issues than it solves.
The tools above are open source reverse engineering tools that can do some rudimentary communication with OnePlus devices in EDL mode by utilizing a custom firehose binary (known as the "loader").
These appear to permit operations not possible with MSM's default behavior.
Spoiler: Observations
I was only able to get the edl.py tool to work on macOS.
I was unable to get this tool (edl.py) to work in Windows. It threw various libusb related errors despite using zadig as directed.
I observed that writing to any partition that was part of A/B dynamic partitioning would report that it was written successfully but in reality would only write 1 sector of the provided file.
However, a handful of other partitions appear to be writable, ones that typically can't be written to/aren't written with fastbootd or OTA side loading.
My IMEI and Serial Number were fully intact after flashing.
Bruh my pro was in that constant reboot state. Buss laugh if this is a Tually a fix for that
Click to expand...
Click to collapse
Hopefully it is. I'm curious to see if it works for others. I stumbled upon this right as I had given up and submitted a ticket to OnePlus.
At which point they said there's nothing to do and the device needed repaired.
So hopefully this is a reliable fix for devices that are super-bricked, because it saved me from having to send my device in.
Op9 was there all except I could always get to fastboot by pressing all buttons and hold until off and back on fb ,also several times monfrios all in one would read it dump and could reboot to fastboot .lol thanks again mon ,and I do some dumb junk to mine trying to get 5g on att all the time eventually I may need this .thanks in advanced for your efforts and interest .
Jessp4046 said:
Op9 was there all except I could always get to fastboot by pressing all buttons and hold until off and back on fb ,also several times monfrios all in one would read it dump and could reboot to fastboot .lol thanks again mon ,and I do some dumb junk to mine trying to get 5g on att all the time eventually I may need this .thanks in advanced for your efforts and interest .
Click to expand...
Click to collapse
This may be a solution to a problem that isn't all that widespread.
I found myself in this situation after flashing an Android 12 GSI to my device which involved mucking around with stuff I probably shouldn't have touched.
I've used MSM many times while experimenting but this time I really messed up and was out of options.
Amazingly, I stumbled across the tools above and was able to bumble my way to a solution. This took me about 4 days to resolve as the device refused to enter fastboot.
GlitterFartzz said:
This may be a solution to a problem that isn't all that widespread.
I found myself in this situation after flashing an Android 12 GSI to my device which involved mucking around with stuff I probably shouldn't have touched.
I've used MSM many times while experimenting but this time I really messed up and was out of options.
Amazingly, I stumbled across the tools above and was able to bumble my way to a solution. This took me about 4 days to resolve as the device refused to enter fastboot.
Click to expand...
Click to collapse
This is exactly what cause mine to loop. I tried flashing a 12 GSI lol
Jhoopes517 said:
This is exactly what cause mine to loop. I tried flashing a 12 GSI lol
Click to expand...
Click to collapse
I was actually able to get the GSI to boot, albeit with no cellular, fingerprint, etc. OP9 claims to be treble-compliant in the props but methinks that's a total lie.
I m waiting here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
flameteam said:
I m waiting here
View attachment 5364413
Click to expand...
Click to collapse
Looks like you're trying to do a full dump of LUN 0 into a single bin file. LUN 0 contains a large chunk of data as it houses the super partition and the userdata partition.
I would recommend using the r subcommand to dump individual partitions or just use rl which will dump your whole device while neatly separating each partition into individual files.
To see exactly what each LUN is comprised of, you can use the printgpt command:
Code:
./edl.py printgpt --memory=ufs
Given that you're running in a VM, your I/O speeds are likely much lower.
I recommend at least booting into a Linux Live USB to do this.
If security is a concern, at a minimum I would recommend vfio passthrough via QEMU to pass your entire USB controller through from a Linux host.
IMO, virtualizing the USB connection will kill your throughput and put you at risk of data corruption.
GlitterFartzz said:
I was actually able to get the GSI to boot, albeit with no cellular, fingerprint, etc. OP9 claims to be treble-compliant in the props but methinks that's a total lie.
Click to expand...
Click to collapse
I couldn't this time. I was able to prior but no go.
my one plus 8t is completely hard bricked, black screen, no logo, no vibration, nothing. Now i cant use msm cuz always got sahara communication failed. This seems like the way to go, will update you if it works
Help me guys. I can't access anything and it's saying Sahara Comm. error at 18 sec. I tried this on Windows and Linux but it does not work........ It gives me this:
File "opscrypto.py", line 160
self.info = print
^
SyntaxError: invalid syntax
_MartyMan_ said:
Help me guys. I can't access anything and it's saying Sahara Comm. error at 18 sec. I tried this on Windows and Linux but it does not work........ It gives me this:
File "opscrypto.py", line 160
self.info = print
^
SyntaxError: invalid syntax
Click to expand...
Click to collapse
same here! oneplu 9 chinese version model 2110, screen its just black, but computer detects it.
thanks in advance
Kind of progress but still does not work... I get this error message:
Somebody help pls.......
@GlitterFartzz do you have any idea what this could be?
I have tried everything to get my Global one plus 9 back up and running again … monster what I do with drivers I get this error on msm tool . As you can see my phone is detected in tool but can put go past this point . I do not have access to download or fast or mode . Last steps I took was through this thread ——https://forum.xda-developers.com/t/fastboot-rom-pc-required-op9-stock-oos-11-2-2-2aa.4275727/—— and reached 1/2 way point (waiting on device) and now I can’t get oos back on phone .. does anyone have any tips or knowledge they can guide me to get my phone working with msm tool ? Much appreciated
Toggle on "Use lite Firehose" before running
Thanks shooter7889 , got past the SMT error by setting date back 2 years on laptop and turning Wi-Fi off. Now i am getting the Sahara error after 18 sec and if I toggle use lite firehouse i get the PARAM error after 8 sec. I have tried to follow steps on the READ ME section (advanced GitHub page )but i dont have any experience with the process as shown. Is it possible to get a easy step guide that can be put together to get past the Sahara error? for us less advanced members? Anything helps at this point. phone is a brick , only thing i can get into is EDL mode .
Justingaribay7 said:
Thanks shooter7889 , got past the SMT error by setting date back 2 years on laptop and turning Wi-Fi off. Now i am getting the Sahara error after 18 sec and if I toggle use lite firehouse i get the PARAM error after 8 sec. I have tried to follow steps on the READ ME section (advanced GitHub page )but i dont have any experience with the process as shown. Is it possible to get a easy step guide that can be put together to get past the Sahara error? for us less advanced members? Anything helps at this point. phone is a brick , only thing i can get into is EDL mode .
Click to expand...
Click to collapse
Mate what's your device model ? If you device model LE2113 flash https://androidfilehost.com/?fid=2188818919693804750 9pro eu msm rom. and after ınstallation flash op9 https://drive.google.com/drive/folders/1R_j8sML_46YrTp1HGfpS6zrAUeFl8uJU?usp=sharing
This is a great resource to have, nice work. I'll give it a go if I ever hit that state again. I've only had success using the pro msm tools up to this point for some reason with lite firehose when I get the Sahara or param info device not match error. Once I've lite msmed with the pro tool, I can normal msm with the nonpro tool, just like flame team mentioned
flameteam said:
Mate what's your device model ? If you device model LE2113 flash https://androidfilehost.com/?fid=2188818919693804750 9pro eu msm rom. and after ınstallation flash op9 https://drive.google.com/drive/folders/1R_j8sML_46YrTp1HGfpS6zrAUeFl8uJU?usp=sharing
Click to expand...
Click to collapse
Thanks for the reply flameteam . My device is LE2115 Global . Would this method still work on this Version?
I tried running the Eu tool . No luck . Same errors as the O2 tool . Tried different flash options such as light firehouse on and off .. Sahara error and Parameters error still present
After the software update, the wifi disappeared, then the software did not install via fastboot and now I am stuck on this screen, cannot install via fastboot at all.
İndir 1f950089 8837 4086 a7c3 c13e9255541e
Dosyayı indir 1f950089 8837 4086 a7c3 c13e9255541e
dosya.co
İndir photo5870996672321008991
Dosyayı indir photo5870996672321008991
dosya.co
1f950089-8837-4086-a7c3-c13e9255541e.mp4 - 9.3 MB
photo5870996672321008991.jpg - 157 KB
Did you make sure fastboot was properly installed?
twistedumbrella said:
It is recommended that platform tools is extracted to the root directory (C:\) on Windows or the home folder (~/) on Mac / Linux. Replace PLATFORM_TOOLS_FOLDER with the full path below.
Adding platform tools to PATH (Windows courtesy of LifeHacker):
Open the Start menu and search for “advanced system settings.”
Click “View advanced system settings.”
Click the box that says “Environment Variables.”
Under “System variables” click on the variable named “Path”.
Click “Edit...”
(Windows 7,8): Add ;[PLATFORM_TOOLS_FOLDER] to the end of the “Variable value” box. Do not forget the semicolon.
(Windows 10): Click “New” and paste the folder path where you extracted the Platform Tools. Hit Enter and click OK.
Adding platform tools to PATH (Mac / Linux):
Add the following line to ~/.bash_profile (or .profile)
PATH=$PATH:[PLATFORM_TOOLS_FOLDER]
Open a terminal window and enter this command
source ~/.bash_profile (or .profile, is used above)
Click to expand...
Click to collapse
twistedumbrella said:
Fastboot'un doğru şekilde kurulduğundan emin oldunuz mu?
Click to expand...
Click to collapse
yes, I am connecting it correctly, there is no problem with other rog series and phones, only rog 5 fastboot has this problem.
I can install csc rom via fsatboot but not stock rom
blackie0606 said:
yes, I am connecting it correctly, there is no problem with other rog series and phones, only rog 5 fastboot has this problem.
I can install csc rom via fsatboot but not stock rom
Click to expand...
Click to collapse
CSC ROM? There aren't carrier versions of the firmware.
twistedumbrella said:
CSC ROM? There aren't carrier versions of the firmware.
Click to expand...
Click to collapse
I have csc factory rom and I can install it but not stock it
<a href="https://dosya.co/m35dp9yme4mt/WhatsApp_Video_2021-09-01_at_16.23.22.mp4.html" target=_blank>WhatsApp Video 2021-09-01 at 16.23.22.mp4 - 2.4 MB</a>
blackie0606 said:
I have csc factory rom and I can install it but not stock it
<a href="https://dosya.co/m35dp9yme4mt/WhatsApp_Video_2021-09-01_at_16.23.22.mp4.html" target=_blank>WhatsApp Video 2021-09-01 at 16.23.22.mp4 - 2.4 MB</a>
Click to expand...
Click to collapse
There is no such thing as a CSC ROM on this phone. Every carrier uses the same Asus firmware.
It is possible it is a hardware issue, but I also notice you have a history of attempting modifications that wipe the IMEI. If it is a hardware issue, contact Asus support and schedule a repair. If you wiped the IMEI attempting to modify the phone, you'll have to wait for the firehose file to be available to fix it.
Sim recognition issue
Owned the phone for about a month now. Phone was working perfectly fine for the majority of this time. I use 2 different sims and they were both working smoothly until recently. A few days ago, I woke up and the phone wouldn't recognize the Sim...
forum.xda-developers.com
twistedumbrella said:
There is no such thing as a CSC ROM on this phone. Every carrier uses the same Asus firmware.
It is possible it is a hardware issue, but I also notice you have a history of attempting modifications that wipe the IMEI. If it is a hardware issue, contact Asus support and schedule a repair. If you wiped the IMEI attempting to modify the phone, you'll have to wait for the firehose file to be available to fix it.
Sim recognition issue
Owned the phone for about a month now. Phone was working perfectly fine for the majority of this time. I use 2 different sims and they were both working smoothly until recently. A few days ago, I woke up and the phone wouldn't recognize the Sim...
forum.xda-developers.com
Click to expand...
Click to collapse
I have my firehose file factory csc rom I just need to remove fastboot rom installation problem for me
New-Bitmap-Image
Image New-Bitmap-Image hosted in ImgBB
ibb.co
blackie0606 said:
I have my firehose file factory csc rom I just need to remove fastboot rom installation problem for me
Click to expand...
Click to collapse
Use EDL mode. That is supposed to always work, even on broken firmware.
If you do have the firehose file, you should probably post it in one of the multiple threads requesting it.
I don't have any ready edl stock rom, unfortunately, that's why I'm stuck in csc rom
twistedumbrella said:
Use EDL mode. That is supposed to always work, even on broken firmware.
If you do have the firehose file, you should probably post it in one of the multiple threads requesting it.
Click to expand...
Click to collapse
blackie0606 said:
I don't have any ready edl stock rom, unfortunately, that's why I'm stuck in csc rom
Click to expand...
Click to collapse
Repair your ASUS ROG Phone 5 with EDL mode
If your phone can only enter EDL mode (9008 mode) this firmware is glad to help you. It can be flashed in through the miflash tool. The firmware is made through the official package...
forum.xda-developers.com
EDL firmware without the firehose above, updated raw firmware below
ROG Phone 5 Ultimate | New Firmware WW-18.0840.2109.188 | WW RAW & ROOT Images
Model - ROG Phone 5 Ultimate (Possibly ROG Phone 5 as well see here ) 2021/11/05 Version Name - WW-18.0840.2109.188 Release Date - 2021/11/05 OTA Download Link - Download RAW Download Link - PENDING Stock Boot Image - Download Magisk Patched...
forum.xda-developers.com
Added bonus: another thread about possible hardware failure
Wifi and Hotspot Not Turning On
Hi, I bought my phone three months back. Ever since the last update Version Name - WW18.0840.2106.86 my wifi and Hotspot just won't turn on. I have been through the asus forum and seems like alot of customers are facing this issue. One of...
forum.xda-developers.com
twistedumbrella said:
Repair your ASUS ROG Phone 5 with EDL mode
If your phone can only enter EDL mode (9008 mode) this firmware is glad to help you. It can be flashed in through the miflash tool. The firmware is made through the official package...
forum.xda-developers.com
EDL firmware without the firehose above, updated raw firmware below
ROG Phone 5 Ultimate | New Firmware WW-18.0840.2109.188 | WW RAW & ROOT Images
Model - ROG Phone 5 Ultimate (Possibly ROG Phone 5 as well see here ) 2021/11/05 Version Name - WW-18.0840.2109.188 Release Date - 2021/11/05 OTA Download Link - Download RAW Download Link - PENDING Stock Boot Image - Download Magisk Patched...
forum.xda-developers.com
Wifi and Hotspot Not Turning On
Hi, I bought my phone three months back. Ever since the last update Version Name - WW18.0840.2106.86 my wifi and Hotspot just won't turn on. I have been through the asus forum and seems like alot of customers are facing this issue. One of...
forum.xda-developers.com
Added bonus: another thread about possible hardware failure
Click to expand...
Click to collapse
thanks bro i give you trouble
this doesn't work unfortunately
Repair your ASUS ROG Phone 5 with EDL mode
If your phone can only enter EDL mode (9008 mode) this firmware is glad to help you. It can be flashed in through the miflash tool. The firmware is made through the official package...
forum.xda-developers.com
Connect the cable to the side port
and finally i finished the brick file
Whats-App-Image-2021-09-03-at-20-46-43
Image Whats-App-Image-2021-09-03-at-20-46-43 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-47
Image Whats-App-Image-2021-09-03-at-20-45-47 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-46
Image Whats-App-Image-2021-09-03-at-20-45-46 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-45
Image Whats-App-Image-2021-09-03-at-20-45-45 hosted in ImgBB
ibb.co
blackie0606 said:
and finally i finished the brick file
Whats-App-Image-2021-09-03-at-20-46-43
Image Whats-App-Image-2021-09-03-at-20-46-43 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-47
Image Whats-App-Image-2021-09-03-at-20-45-47 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-46
Image Whats-App-Image-2021-09-03-at-20-45-46 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-45
Image Whats-App-Image-2021-09-03-at-20-45-45 hosted in ImgBB
ibb.co
Click to expand...
Click to collapse
Why is the thread tagged development for pictures of flashing the raw firmware?
because the crashed device was repaired via edl, so I made it that way...
How should I choose the title of the topic, maybe I chose the wrong one
blackie0606 said:
because the crashed device was repaired via edl, so I made it that way...
How should I choose the title of the topic, maybe I chose the wrong one
Click to expand...
Click to collapse
[INFO] Device Forum Rules (Please Read before Posting)
In this thread, we will provide a short Q&A for your stay on this forum. Please read thoroughly and act accordingly. While most that is needed to know is pointed out in the Forum Rules, history shows that some points of these rules are not...
forum.xda-developers.com
General
blackie0606 said:
and finally i finished the brick file
Whats-App-Image-2021-09-03-at-20-46-43
Image Whats-App-Image-2021-09-03-at-20-46-43 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-47
Image Whats-App-Image-2021-09-03-at-20-45-47 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-46
Image Whats-App-Image-2021-09-03-at-20-45-46 hosted in ImgBB
ibb.co
Whats-App-Image-2021-09-03-at-20-45-45
Image Whats-App-Image-2021-09-03-at-20-45-45 hosted in ImgBB
ibb.co
Click to expand...
Click to collapse
blackie0606 said:
After the software update, the wifi disappeared, then the software did not install via fastboot and now I am stuck on this screen, cannot install via fastboot at all.
İndir 1f950089 8837 4086 a7c3 c13e9255541e
Dosyayı indir 1f950089 8837 4086 a7c3 c13e9255541e
dosya.co
İndir photo5870996672321008991
Dosyayı indir photo5870996672321008991
dosya.co
1f950089-8837-4086-a7c3-c13e9255541e.mp4 - 9.3 MB
photo5870996672321008991.jpg - 157 KB
Click to expand...
Click to collapse
Sir I Also Have Same Issue Plz Help Me
and I will ask out of curiosity how did you bring your phones to such a state?
ONLY WORKS FOR THE G900TM SINCE THAT MODEL HAS A MEDIATEK CHIP, DO NOT TRY THIS ON ANY OTHER VELVET MODEL
Prerequisites:
MTKclient: this is the free tool we will use to unlock the bootloader, follow the installation instructions here or use the provided LiveDVD that has everything ready to go: https://github.com/bkerler/mtkclient
LGUP: Use this patched one: https://tbl-locksmiths.com/d/4-lgup-1163-patched-latest
ADB (Android Debug Bridge): See here on how to install ADB: https://www.xda-developers.com/install-adb-windows-macos-linux/
FOR NOW YOU MUST USE AN UBUNTU OR DEBIAN BASED LINUX DISTRO SINCE MTKCLIENT DOES NOT PLAY NICE WITH AND REQUIRES MORE STEPS TO WORK ON WINDOWS. A VIRTUAL MACHINE WILL WORK FINE FOR THIS TUTORIAL.
UNLOCKING THE BOOTLOADER WILL WIPE YOUR DATA, PLEASE MAKE SURE YOU HAVE BACKED YOUR DATA UP BEFORE ATTEMPTING THIS.
1. If you are on Android 11 already, please downgrade to Android 10 first using the G900TM14k KDZ before attempting this. You can download it here or from another website. https://drive.google.com/file/d/1GYOHiuIbOqO9x_t8E-dvLI3sEKDe6fRS/view?usp=sharing
Spoiler: Nerd explanation 🤓
The reason that we are doing this is because in the Android 11 firmware, the phone’s preloader (first stage bootloader) has the exploit MTKclient needs to crash the phone into BROM mode (Mediatek equivalent to Qualcomm EDL mode) patched out. This means MTKclient will not work with the Android 11 firmware installed, unless you are willing to open up the phone and short some test points! By downgrading to Android 10, the exploitable preloader can be put back onto the device.
2. Install LGUP, then launch it when it is done. Make sure the “refurbish” option is selected, then click the button with the three dots that is circled in the picture.
Spoiler: LGUP
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
3. Select the G900TM14k kdz file. Then click start and wait for the kdz to finish flashing.
Spoiler
4. Now you are ready to use MTKclient. When using it, make sure the phone is powered off, run a command, and then plug the phone into your PC. Follow the instructions here: https://github.com/bkerler/mtkclient#unlock-bootloader
Output should look something like this example output:
Code:
[email protected]:~/Desktop/mtkclient-main$ python mtk e metadata,userdata,md_udc
MTK Flash/Exploit Client V1.50 (c) B.Kerler 2018-2021
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
Port - Device detected :)
Preloader - CPU: MT6885/MT6883/MT6889/MT6880/MT6890(Dimensity 1000L/1000)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x816
Preloader - Target config: 0x5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: False
Preloader - Mem write auth: False
Preloader - Cmd 0xC8 blocked: False
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x1
Mtk - We're not in bootrom, trying to crash da...
PLTools - Crashing da...
Preloader
Preloader - [LIB]: upload_data failed with error: DAA_SIG_VERIFY_FAILED (0x7024)
Preloader
Preloader - [LIB]: Error on uploading da data
Preloader - Jumping to 0x0
usb_class - USBError(19, 'No such device (it may have been disconnected)')
Preloader - Status: Waiting for PreLoader VCOM, please connect mobile
Port - Hint:
Power off the phone before connecting.
For brom mode, press and hold vol up, vol dwn, or all hw buttons and connect usb.
For preloader mode, don't press any hw button and connect usb.
Port - Device detected :)
Preloader - CPU: MT6885/MT6883/MT6889/MT6880/MT6890(Dimensity 1000L/1000)
Preloader - HW version: 0x0
Preloader - WDT: 0x10007000
Preloader - Uart: 0x11002000
Preloader - Brom payload addr: 0x100a00
Preloader - DA payload addr: 0x201000
Preloader - CQ_DMA addr: 0x10212000
Preloader - Var1: 0xa
Preloader - Disabling Watchdog...
Preloader - HW code: 0x816
Preloader - Target config: 0xe5
Preloader - SBC enabled: True
Preloader - SLA enabled: False
Preloader - DAA enabled: True
Preloader - SWJTAG enabled: True
Preloader - EPP_PARAM at 0x600 after EMMC_BOOT/SDMMC_BOOT: False
Preloader - Root cert required: False
Preloader - Mem read auth: True
Preloader - Mem write auth: True
Preloader - Cmd 0xC8 blocked: True
Preloader - HW subcode: 0x8a00
Preloader - HW Ver: 0xcb00
Preloader - SW Ver: 0x1
Preloader - ME_ID: 2DF842BC6706D1EA3150DC28E8B69081
Preloader - SOC_ID: D68B399A7D66DF240C22270698248840AF48675FA82F2F5B8B2048A993A646B3
PLTools - Loading payload from mt6885_payload.bin, 0x264 bytes
PLTools - Kamakiri / DA Run
Kamakiri - Trying kamakiri2..
Kamakiri - Done sending payload...
PLTools - Successfully sent payload: /home/sugondeseballs/Desktop/mtkclient-main/mtkclient/payloads/mt6885_payload.bin
Port - Device detected :)
Main - Device is protected.
Main - Device is in BROM mode. Trying to dump preloader.
DAXFlash - Uploading stage 1 from MTK_AllInOne_DA_5.2124.bin
DAXFlash - Successfully uploaded stage 1, jumping ..
Preloader - Jumping to 0x200000
Preloader - Jumping to 0x200000: ok.
DAXFlash - Successfully received DA sync
DAXFlash - UFS FWVer: 0x2020
DAXFlash - UFS Blocksize:0x1000
DAXFlash - UFS ID: SDINEDK4-128G
DAXFlash - UFS CID: 45015344494e45444b342d3132384720
DAXFlash - UFS LU0 Size: 0x1dcd800000
DAXFlash - UFS LU1 Size: 0x400000
DAXFlash - UFS LU2 Size: 0x400000
DAXFlash - DRAM config needed for : 45015344494e45444b342d3132384720
DAXFlash - Sending emi data ...
DAXFlash - Sending emi data succeeded.
DAXFlash - Uploading stage 2...
DAXFlash - Successfully uploaded stage 2
DAXFlash - UFS FWVer: 0x2020
DAXFlash - UFS Blocksize:0x1000
DAXFlash - UFS ID: SDINEDK4-128G
DAXFlash - UFS CID: 45015344494e45444b342d3132384720
DAXFlash - UFS LU0 Size: 0x1dcd800000
DAXFlash - UFS LU1 Size: 0x400000
DAXFlash - UFS LU2 Size: 0x400000
DAXFlash - DA-CODE : 0x161E0
DAXFlash - DA Extensions successfully added
DAXFlash - Formatting addr 0x94a2000 with length 0x2000000, please standby....
DAXFlash - Successsfully formatted addr 0x94a2000 with length 33554432.
Formatted sector 38050 with sector count 8192.
DAXFlash - Formatting addr 0x462800000 with length 0x1962800000, please standby....
DAXFlash - Successsfully formatted addr 0x462800000 with length 109026738176.
Formatted sector 4597760 with sector count 26617856.
DAXFlash - Formatting addr 0x7e08000 with length 0x169a000, please standby....
DAXFlash - Successsfully formatted addr 0x7e08000 with length 23699456.
Formatted sector 32264 with sector count 5786.
[email protected]:~/Desktop/mtkclient-main$ python mtk xflash seccfg unlock
MTK Flash/Exploit Client V1.50 (c) B.Kerler 2018-2021
sej - HACC init
sej - HACC run
sej - HACC terminate
sej - HACC init
sej - HACC run
sej - HACC terminate
sej - HACC init
sej - HACC run
sej - HACC terminate
Progress: |██████████████████████████████████████████████████| 100.0% Write (Sector 0x1 of 0x1, ) 0.05 MB/s
xflashext - Successfully wrote seccfg.
Congrats! Your bootloader is now unlocked!
Now if you want to flash back to Android 11 first and then root, you can! You can either perform the OTA updates needed to get to the latest Android 11 software version, or just download an Android 11 KDZ from one of those websites that hosts LG firmware and flash it with the “Upgrade” option selected in LGUP.
But doing so will replace the exploitable preloader. If you still want MTKclient to work, follow this process:
Download an Android 11 KDZ
Open up LGUP and select the KDZ
Select the “Partition DL” option and press “Start”
When the partition list window pops up, click “Select all” and uncheck the preloader partition, then press OK to start flashing.
Spoiler: Partition list window
ROOTING INSTRUCTIONS (this part can be done in Windows or Linux):
To root, dump both of the boot images from the phone using “python mtk r boot_a boot_a.bin” and “python mtk r boot_b boot_b.bin”. It’s fine to dump only boot_a or boot_b, but make sure to verify which boot slot your phone is in first, then dump the correct image.
Turn the phone back on, then download the Magisk APK file from its Github page, and install it.
Copy the dumped boot images to your phone’s storage.
Then in the Magisk app, tap the Install button in the Magisk box, then tap “Select and patch a file”.
Select your boot image, then press “Let’s go”.
Wait for it to patch the boot image.
When the app finishes patching the boot image it will be in the Downloads folder. If you want to patch the other boot image, repeat this process.
When you have your patched boot images, copy them back to your computer, preferably to the same directory/folder where ADB is installed to.
Make sure USB Debugging is enabled in the developer settings on your phone, then connect the phone to your computer. Allow the computer to access the phone if needed.
Open up a command prompt in the folder where the boot images are and where ADB is installed and type “adb reboot fastboot”.
Wait for the phone to boot to fastboot, then type and run these commands: “fastboot flash boot_a boot_a.bin” and “fastboot flash boot_b boot_b.bin”.
Reboot the phone.
You’re rooted!
Big thanks to @Warlockguitarman, who discovered the bootloader unlock exploit, and Bjoern Kerler, the author of MTKclient and integrated the exploit into the tool. Without them, many Mediatek devices including the T-Mobile Velvet would probably never have root!
Some pictures of my rooted Velvet
If you happen to hard brick your device enough so that it only gets detected as a USB port, here are the unbrick files to get the phone to download mode. You will need to flash these using SP Flash Tool with the "Format all + Download" option. This will nuke your IMEI and serial number, however it is not too difficult to write those back to the phone.
Velvet (MTK) - Google Drive
drive.google.com
Reserved
Thanks for the write-up! quick question: any issues with the fingerprint function? I heard that some LG phones have issues with finger sensor after unlock, not sure if that applies here. I'm assuming this would break the OTA?
Metconnect2000 said:
Thanks for the write-up! quick question: any issues with the fingerprint function? I heard that some LG phones have issues with finger sensor after unlock, not sure if that applies here. I'm assuming this would break the OTA?
Click to expand...
Click to collapse
Hi, the fingerprint still works perfectly after unlocking the bootloader. If you root then you will break OTA updates. But I consider that an improvement for this phone because T-Mobile loves to force OTAs on their phones lol
Wish39 said:
Hi, the fingerprint still works perfectly after unlocking the bootloader. If you root then you will break OTA updates. But I consider that an improvement for this phone because T-Mobile loves to force OTAs on their phones lol
Click to expand...
Click to collapse
Cool. Thanks!
I'm having trouble with unlocking the bootloader. I'm using the Live DVD from the MTKClient, but it seems to be getting stuck with "Status: Handshake failed, retrying..." and "Please disconnect, start mtkclient and reconnect". I'm not too familiar with Linux, I'm just double clicking the "MTK" app on the Live DVD desktop and running the commands from there. My device is powered off when running the commands and downgraded to Android 10. I have tried using the Live DVD on a virtual machine and running on two computers, but it doesn't seem to change anything.
EDIT: Used version 1.52 under the releases tab in Github and was successful. For idiots like me, heres what I did:
1. Download the Live CD provided and run it on a computer
2. On a seperate computer, download the latest release of MTKClient under the releasess tab (version 1.52) and extract to a USB drive
3. Boot into Live USB
4. Copy over MTKClient version 1.52 to Live CD
5. In the MTKClient files, right click and click "Open Terminal Here"
6. Follow original steps above to unlock bootloader
To root, I also used the Live CD since I kept getting issues in Windows
1. In Linux terminal, run "sudo apt-get install android-tools-fastboot" and "sudo apt-get install android-tools-adb"
2. Follow original steps to root phone
3. Make sure you replace "boot_a.bin" with the name of the file that Magisk generated
4. I typed in "fastboot flash boot_a" and then dragged the Magisk generated file and did that for Boot_b too
username32 said:
I'm having trouble with unlocking the bootloader. I'm using the Live DVD from the MTKClient, but it seems to be getting stuck with "Status: Handshake failed, retrying..." and "Please disconnect, start mtkclient and reconnect". I'm not too familiar with Linux, I'm just double clicking the "MTK" app on the Live DVD desktop and running the commands from there. My device is powered off when running the commands and downgraded to Android 10. I have tried using the Live DVD on a virtual machine and running on two computers, but it doesn't seem to change anything.
EDIT: Used version 1.52 under the releases tab in Github and was successful. For idiots like me, heres what I did:
1. Download the Live CD provided and run it on a computer
2. On a seperate computer, download the latest release of MTKClient under the releasess tab (version 1.52) and extract to a USB drive
3. Boot into Live USB
4. Copy over MTKClient version 1.52 to Live CD
5. In the MTKClient files, right click and click "Open Terminal Here"
6. Follow original steps above to unlock bootloader
To root, I also used the Live CD since I kept getting issues in Windows
1. In Linux terminal, run "sudo apt-get install android-tools-fastboot" and "sudo apt-get install android-tools-adb"
2. Follow original steps to root phone
3. Make sure you replace "boot_a.bin" with the name of the file that Magisk generated
4. I typed in "fastboot flash boot_a" and then dragged the Magisk generated file and did that for Boot_b too
Click to expand...
Click to collapse
What were the hardware key combo you used to get to BROM mode? I keep getting the handshake failed error, even though the other LG devices worked before.
Wish39 said:
Hi, the fingerprint still works perfectly after unlocking the bootloader. If you root then you will break OTA updates. But I consider that an improvement for this phone because T-Mobile loves to force OTAs on their phones lol
Click to expand...
Click to collapse
I was unable to do OTA updates even after I restored the stock boot img. It seems like bootloader unlock breaks OTA updates.
lentm said:
I was unable to do OTA updates even after I restored the stock boot img. It seems like bootloader unlock breaks OTA updates.
Click to expand...
Click to collapse
It normally will.I get a strange hex message when it tries to update,and it will tell you to contact LG Support.
Surgemanxx said:
It normally will.I get a strange hex message when it tries to update,and it will tell you to contact LG Support.
Click to expand...
Click to collapse
It didn't matter as we could just do manual update with kdz files, but it feels like something happened on their T-Mobile version development.
We used to get the kdz file every 2-3 months, still nothing even when 20i ota is out already, and still no pending Android 12 updates on T-Mobile list.
lentm said:
It didn't matter as we could just do manual update with kdz files, but it feels like something happened on their T-Mobile version development.
We used to get the kdz file every 2-3 months, still nothing even when 20i ota is out already, and still no pending Android 12 updates on T-Mobile list.
Click to expand...
Click to collapse
I agree!T-Mobile's Velvet is still lagging behind for A12,and I'm assuming because of the Mediatek chipset is the reason being.I currently have the Verizon,and the AT&T versions and they was OTA'd a couple months ago.But,I think their just compiling 1 version for most of these last devices because they have the same Qualcomm chipsets.I have the LG Wing,and it's in the same boat still.It's still sitting at A11 and nothing in the works to go to A12 I have seen.
lentm said:
I was unable to do OTA updates even after I restored the stock boot img. It seems like bootloader unlock breaks OTA updates.
Click to expand...
Click to collapse
Unlocking the bootloader may or may not break OTA updates on T-Mobile/Metro LG devices in my experience.
I had a Metro K51 that had OTA's break after just unlocking its bootloader, meanwhile my T-Mobile Velvet was able to OTA update even after unlocking its bootloader.
T-Mobile LG's use Google Play Services to distribute OTA updates, so it's something with GMS I guess, not sure.
lentm said:
What were the hardware key combo you used to get to BROM mode? I keep getting the handshake failed error, even though the other LG devices worked before.
Click to expand...
Click to collapse
There's no BROM hardware key combo, did you downgrade the phone first?
Easiest way is to downgrade to Android 10, run a command on mtkclient and then simply power off the phone, plug it into your PC and let mtkclient do the work.
The only other way is to disassemble the phone and short the BROM testpoints on the motherboard, then plug the phone into your PC.
Surgemanxx said:
I agree!T-Mobile's Velvet is still lagging behind for A12,and I'm assuming because of the Mediatek chipset is the reason being.I currently have the Verizon,and the AT&T versions and they was OTA'd a couple months ago.But,I think their just compiling 1 version for most of these last devices because they have the same Qualcomm chipsets.I have the LG Wing,and it's in the same boat still.It's still sitting at A11 and nothing in the works to go to A12 I have seen.
Click to expand...
Click to collapse
Korean Wing does have Android 12
Wish39 said:
Korean Wing does have Android 12
Click to expand...
Click to collapse
Yes,built from the Velvet 765g firmware.Nothing for other regions as of yet.
Wish39 said:
Unlocking the bootloader may or may not break OTA updates on T-Mobile/Metro LG devices in my experience.
I had a Metro K51 that had OTA's break after just unlocking its bootloader, meanwhile my T-Mobile Velvet was able to OTA update even after unlocking its bootloader.
T-Mobile LG's use Google Play Services to distribute OTA updates, so it's something with GMS I guess, not sure.
Click to expand...
Click to collapse
If your Velvet was able to OTA update, it's probably because I unchecked preloader with PARTITION D/L option on LGUP when upgrading to Android 12.
A) Since this is a mediatek chipped device, is it not possible to unlock bootloader via adb and fastboot commands from a windows rig?
Then patch the boot image with magisk.
Flash patched image with adb or the smart phone flash tool?
Ive had success with other brands on mediatek android 10 using this method.
--> Here is a guide thats similar to the method ive successfully used to root other devices, but for mediatek android 11 devices
--> Here is another guide specifically for LG devices from the same source as above
--------------------
B) Re: Resources for the method in post 1
1. Anyone have the link to the latest android 11 kdz [G900TM20i]? I cant find a copy for d/l. Seems to be discrepancy whether OTA update will work post-root, and would like to have latest security patch
2. Is there a minimum version of ubuntu to use? I have one in the archives but it has to be at least a few years old. Should it work or do i want to grab a newer version to be sure?
--------------------
Thanks for the guide and help.
I just picked up this mint unlocked t-mobile velvet for less than $150 and so far seem like a nice device. Only gripe is no face unlock. Noticed a faceprint and handprint option in the service menu, but my understanding is that it doesnt serve any function on this device.
One of the main reasons i picked this device up was due to the mediatek chipset, and that mediatek devices are typically rootable with a generic process like i linked above. Im glad to see it can be rooted, even if not via the 'typical method' ive used for others.
@double b26 Hey whats up. The normal fastboot method doesn't work for newer LG devices because those don't have normal fastboot, they only have fastbootd, which is fastboot in userspace. The bootloader unlock commands are missing, so you can't really do anything in there besides flash some partitions while in there.
As of now there isnt a KDZ for G900TM20i, and I recommend you use Ubuntu 20.04 LTS or newer so you dont run into compatibility issues.
Also I believe the handprint and faceprint options in the hidden menu are meant for the G8, guess LG was too lazy to remove those options.
Hello everyone!) I accidentally deleted the partition from the system boot, etc. phone in edl now
When I try to flash through qfil, I get the error fhloader process failed, and before that Something failed. The target rejected your <configure>. Please check the log for more information
Drivers from Lenovo
There is no EDL authentication
Tried to flash device's Stock ROM via QFIL tool? It's Qualcomm SoC based device?
jwoegerbauer said:
Tried to flash device's Stock ROM via QFIL tool? It's Qualcomm SoC based device?
Click to expand...
Click to collapse
When I try to flash through qfil, I get the error fhloader process failed, and before that Something failed. The target rejected your <configure>. Please check the log for more information
You must not repeat things already told.
jwoegerbauer said:
You must not repeat things already told.
Click to expand...
Click to collapse
ok
[No auth collection] Xiaomi No Auth Firehose Files for Qualcomm based phones.
What is this file? As we all know that Xiaomi has blocked offline flashing with authentication to flash their device. This files will ultimately help you to fix the Mi Account Authorization issue and hence unbrick your Xiaomi device via EDL mode...
forum.xda-developers.com
Xiaomi Firmware Updater
The ultimate script that provides firmware packages for Xiaomi devices.
xiaomifirmwareupdater.com
GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :) - GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
github.com